Configuring LDAP administrators

There are two types of administrators for LDAP: full administrators and read-only administrators.

The administrator who is configured during the Couchbase Server installation (the built-in administrator) always retains the complete access to administer Couchbase Server, including LDAP.

Since the Couchbase Web Console can only read the LDAP database (and cannot write to it), all administrators must be created on the LDAP server.
After the user IDs of these LDAP administrators have been defined, they can be mapped to Couchbase Server using the Couchbase Web Console.

Enabling LDAP

Select the Enable check box to turn on LDAP support.
If a user doesn’t want to associate the installation with LDAP, this option can be turned off.

Mapping administrator IDs from the LDAP server

To map the LDAP administrators using the Couchbase Web Console, follow these steps:

In the Read-Only Admins window, enter the read-only administrator IDs.

In the Full Admins window, enter the full administrator IDs.

Both for the full and for the read-only administrator, enter only one user ID per line and press Enter after each user ID.
If you try to separate user IDs with commas, these will be treated as a part of the ID.

Select the appropriate radio button to designate which administrators are used as a default: Read-only, Full Admins, or None.

All users have to be first authenticated with the LDAP server to have access.
However, if a user ID was not entered in the UI either as the full or read-only administrator, that user will have a role that has been assigned as the default.

Enter a username and a password.

Click on Validate to test the user.

Test LDAP settings

To test the LDAP settings:

Sign out of the Couchbase Web Console.

Try to log in with the new administrative credentials.

If you enter the credentials of the full administrator, the screen will provide full access to all functions available through the Couchbase Web Console (see the LDAP Auth Setup screen above).

If you enter credentials of the read-only administrator, a screen with the read-only view will become available.
This screen doesn’t allow the user to enable or disable LDAP, or to configure administrators.